🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ Known Vulnerabilities
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Known Vulnerabilities
This page lists
14981 vulnerabilities
in this category.
Critical: 1612
High: 4015
Medium: 8569
Low: 783
Information: 2
Vulnerability Name
CVE
CWE
Severity
ATutor Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-11446)
CVE-2019-11446
CWE-434
High
CakePHP Deserialization of Untrusted Data Vulnerability (CVE-2019-11458)
CVE-2019-11458
CWE-502
High
ProjectSend Insertion of Sensitive Information into Log File Vulnerability (CVE-2019-11492)
CVE-2019-11492
CWE-532
High
SharePoint Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-1102)
CVE-2020-1102
CWE-434
High
PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-7416)
CVE-2016-7416
CWE-119
High
PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-7412)
CVE-2016-7412
CWE-119
High
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-19216)
CVE-2020-19216
CWE-138
High
SharePoint Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-1024)
CVE-2020-1024
CWE-434
High
Django 7PK - Security Features Vulnerability (CVE-2016-7401)
CVE-2016-7401
-
High
SharePoint Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-1023)
CVE-2020-1023
CWE-434
High
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-19217)
CVE-2020-19217
CWE-138
High
PHP Integer Overflow or Wraparound Vulnerability (CVE-2016-7133)
CVE-2016-7133
CWE-190
High
PHP NULL Pointer Dereference Vulnerability (CVE-2016-7132)
CVE-2016-7132
CWE-476
High
PHP NULL Pointer Dereference Vulnerability (CVE-2016-7131)
CVE-2016-7131
CWE-476
High
Apache Tomcat Incorrect Authorization Vulnerability (CVE-2016-6797)
CVE-2016-6797
CWE-863
High
Atlassian Confluence Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6668)
CVE-2016-6668
CWE-200
High
MediaWiki CVE-2019-12474 Vulnerability (CVE-2019-12474)
CVE-2019-12474
-
High
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-12466)
CVE-2019-12466
CWE-352
High
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6606)
CVE-2016-6606
CWE-200
High
MediaWiki Improper Access Control Vulnerability (CVE-2016-6337)
CVE-2016-6337
CWE-284
High
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6335)
CVE-2016-6335
CWE-200
High
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6332)
CVE-2016-6332
CWE-200
High
MediaWiki Improper Access Control Vulnerability (CVE-2016-6331)
CVE-2016-6331
CWE-284
High
Ruby on Rails Improper Access Control Vulnerability (CVE-2016-6317)
CVE-2016-6317
CWE-284
High
OpenSSL Improper Input Validation Vulnerability (CVE-2016-6305)
CVE-2016-6305
CWE-20
High
WebLogic CVE-2021-2157 Vulnerability (CVE-2021-2157)
CVE-2021-2157
-
High
Apache Traffic Server HTTP Request Smuggling Vulnerability (CVE-2020-17509 )
CVE-2020-17509
-
High
OpenSSL Resource Management Errors Vulnerability (CVE-2016-6304)
CVE-2016-6304
-
High
OpenSSL Improper Input Validation Vulnerability (CVE-2016-6302)
CVE-2016-6302
CWE-20
High
PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-6297)
CVE-2016-6297
CWE-119
High
Apache Traffic Server Memory Disclosure Vulnerability (CVE-2020-17508)
CVE-2020-17508
-
High
MediaWiki CVE-2019-12472 Vulnerability (CVE-2019-12472)
CVE-2019-12472
-
High
MediaWiki CVE-2019-12473 Vulnerability (CVE-2019-12473)
CVE-2019-12473
-
High
phpMyAdmin Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2016-6609)
CVE-2016-6609
CWE-138
High
phpMyAdmin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-6611)
CVE-2016-6611
CWE-138
High
MySQL Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2016-6664)
CVE-2016-6664
CWE-59
High
Dot CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-18875)
CVE-2020-18875
CWE-138
High
MySQL Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2016-6663)
CVE-2016-6663
CWE-362
High
ATutor Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-12170)
CVE-2019-12170
CWE-434
High
WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-6635)
CVE-2016-6635
CWE-352
High
phpMyAdmin CVE-2016-6633 Vulnerability (CVE-2016-6633)
CVE-2016-6633
-
High
phpMyAdmin Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2016-6631)
CVE-2016-6631
CWE-138
High
WebLogic CVE-2021-2109 Vulnerability (CVE-2021-2109)
CVE-2021-2109
-
High
phpMyAdmin Server-Side Request Forgery (SSRF) Vulnerability (CVE-2016-6621)
CVE-2016-6621
CWE-918
High
MySQL CVE-2021-2144 Vulnerability (CVE-2021-2144)
CVE-2021-2144
-
High
Ampache Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-12385)
CVE-2019-12385
CWE-138
High
Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-17527)
CVE-2020-17527
CWE-200
High
Apache Tomcat Insufficiently Protected Credentials Vulnerability (CVE-2019-12418)
CVE-2019-12418
CWE-522
High
phpMyAdmin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-6619)
CVE-2016-6619
CWE-138
High
silverstripeCMS Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-12437)
CVE-2019-12437
CWE-352
High
phpMyAdmin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-6617)
CVE-2016-6617
CWE-138
High
phpMyAdmin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-6616)
CVE-2016-6616
CWE-138
High
Jetty Integer Overflow or Wraparound Vulnerability (CVE-2023-36478)
CVE-2023-36478
CWE-190
High
Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2017-12174)
CVE-2017-12174
CWE-400
High
Liferay Portal Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-5327)
CVE-2010-5327
CWE-264
High
phpMyAdmin Other Vulnerability (CVE-2004-2632)
CVE-2004-2632
-
High
Moodle Missing Authorization Vulnerability (CVE-2024-43431)
CVE-2024-43431
CWE-862
High
PHP Resource Management Errors Vulnerability (CVE-2010-2225)
CVE-2010-2225
-
High
Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2026-29169)
CVE-2026-29169
CWE-476
High
Moodle Insufficient Verification of Data Authenticity Vulnerability (CVE-2024-43428)
CVE-2024-43428
CWE-345
High
Moodle Improper Validation of Specified Type of Input Vulnerability (CVE-2024-43426)
CVE-2024-43426
CWE-1287
High
Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-43425)
CVE-2024-43425
CWE-94
High
Python Other Vulnerability (CVE-2005-0089)
CVE-2005-0089
-
High
XWiki Missing Authorization Vulnerability (CVE-2024-43401)
CVE-2024-43401
CWE-862
High
Apache HTTP Server Server-Side Request Forgery (SSRF) Vulnerability (CVE-2024-43394)
CVE-2024-43394
CWE-918
High
Apache HTTP Server Server-Side Request Forgery (SSRF) Vulnerability (CVE-2024-43204)
CVE-2024-43204
CWE-918
High
phpBB Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2026-29199)
CVE-2026-29199
CWE-640
High
Oracle Database Server CVE-2010-2390 Vulnerability (CVE-2010-2390)
CVE-2010-2390
-
High
Jenkins Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2024-43044)
CVE-2024-43044
CWE-754
High
osCommerce Other Vulnerability (CVE-2004-2638)
CVE-2004-2638
-
High
phpMyAdmin Other Vulnerability (CVE-2004-2631)
CVE-2004-2631
-
High
Moodle Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-43434)
CVE-2024-43434
CWE-22
High
phpMyAdmin Other Vulnerability (CVE-2004-2630)
CVE-2004-2630
-
High
LimeSurvey Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-42902)
CVE-2024-42902
CWE-94
High
PostgreSQL Improper Validation of Specified Type of Input Vulnerability (CVE-2026-2004)
CVE-2026-2004
CWE-1287
High
«
1
...
50
51
52
...
200
»